It’s a Fact! No matter how smart the criminals are, they always leave some trace behind.

Two Harvard students have unmasked around 229 drug and weapon dealers with the help of pictures taken by criminals and used in advertisements placed on dark web markets.

Do you know each image contains a range of additional hidden data stored within it that can be a treasure to the investigators fighting criminals?

Yeah it’s true — "A picture is worth a thousand words."

Digital images come with basic metadata, as well as EXIF data that contains information about the device with which it was taken.

EXIF, stands for "Exchangeable Image File Format," may contain image dimensions, date and time (when it was originally taken and modified), the model of camera and its settings, information about the software used for editing, it’s creator and copyright information, as well as GPS co-ordinates of the location where the photo was taken.

If a criminal, let’s say a kidnapper, has taken a photo or video of their captive from a GPS enabled phone or camera and send it as proof of life to victim’s family for ransom, the police would be able to trace back the kidnapper to the exact location where photo was taken.

This is exactly what happened in the latest case when Harvard students, Paul Lisker and Michael Rose, collected more than 223,471 unique images from the underground illegal markets and found 229 images with geolocation data.

"In our investigation, we searched for the presence of these geotags in the images of items for sale on darknet market sites," the pair say in a blog post. "Using Python and bash scripts, we checked each image’s EXIF data for longitude [and] latitude data, saving the coordinates for each geotagged photo and its file path to a text file."

The duo found 229 images that contained unique GPS coordinates which, unless spoofed, can be used by investigators to locate the places where the photos were taken within the range of two kilometers.

Remember, an anonymous hacker who was arrested by the FBI in 2012 after he posted a picture of his girlfriend’s breasts online?

Higinio O. Ochoa III, a.k.a Anonw0rmer, an alleged member of Anonymous-linked CabinCr3w hacking team, who was responsible for hacking into the United States law enforcement agencies and releasing the personal information including phone numbers and home addresses of police officers.

He took picture of his girlfriend’s boobs using his iPhone and posted it on Twitter without realizing the picture contained GPS data pointing directly to his house in Melbourne, Australia.

While the majority of metadata in photos is harmless, but removing EXIF data, especially geo-coordinates, is a smart idea, if you are privacy-conscious.